The Cloud Access Security Broker (CASB) market is mainstream. Venture backed startups are being acquired and Big Tech firms are positioning themselves to be better aligned with this new tech disruption. Enterprises are moving from talk to action in implementing solutions that better protect their data in the new frontier of Cloud. Since CASB solutions are new, many organizations are seeking guidance on how to properly evaluate tools and vendors in light of their compliance and risk mitigation requirements.
The goal of this paper is to provide a kickstart through a working set of requirements for organizations to leverage, and modify as needed in their search for a CASB solution. This set of requirements provides some structure on how CASBs fit in the overall Information Security strategy. This paper is designed to provide key requirements that organizations can use as input consideration for their CASB initiative. Each requirement provides specific features that are important in most organizations, but specific risk mitigation priorities must be analyzed and decided within each organization. For instance, Cedrus has provided examples of integrations such as Security Information and Event Management (SIEM), but each organization’s needs may be more specific about a particular SIEM.